IACD is a strategy for increasing the speed and scale of cyber defenses by leveraging automation to enhance the effectiveness of human defenders, moving them outside the response loop into a response planning and approval role “on the loop” of cyber defense.  Learn more about IACD here.
The Integrated Adaptive Cyber Defense (IACD) concept was driven by existing and increasingly critical challenges in cyber defense:
  • Cybersecurity solutions and operations cannot scale to the complexity, interdependencies, and pervasiveness of threats
  • Adversaries already employ re-use, modularization, orchestration and automation
  • Acquisition and procurement processes don’t accommodate the speed of technology evolution
  • Workforce realities demand a different approach – skilled human capital is at a premium
IACD provides a framework, including reference architectures, use cases, draft specifications, and implementation examples, that enables enterprise owners to leverage investments they have already made in cybersecurity through adoption of this extensible, adaptive approach to meet the challenges listed above.
IACD integrates the activities of multiple products and services to automate the determination of risk, the decision to act, and the synchronization of response actions in accordance with the organization’s business rules. In addition, IACD shares threat information and responses across communities of trust. An organization’s business rules are codified by the procedures (referred to as “playbooks”) it follows when it encounters a cyber event. IACD translates these procedures into workflows that enable automation of the key capabilities of IACD: sensing, sense-making, decision-making, and action. Further details are available in the IACD Reference Architecture (PDF).
The IACD project was initiated in 2014 by the Department of Homeland Security (DHS) and the National Security Agency (NSA). They jointly sponsor strategic research and development by the Johns Hopkins University Applied Physics Laboratory (JHU-APL) in collaboration with government, academic, and commercial organizations.
IACD has three driving tenets that influence its concepts and capabilities: 1) bring your own enterprise; 2) employ a product-agnostic, plug-and-play architecture; and 3) insist on interoperability. IACD acknowledges that enterprises have different missions, business process rules, and resources and therefore may implement IACD differently. IACD must be flexible enough to support a range of enterprise environments, technologies, resources, and levels of sophistication. Finally, proprietary products must function together via non-proprietary methods.
IACD information is readily available on the IACD website (URL). See the “Our Work” area of the website for:
  • IACD spiral development summaries
  • IACD Reference Architecture
  • IACD Specifications
  • IACD Reference Implementations
  • IACD White Papers addressing specific issues and challenges
In addition, a growing number of vendors, integrators, and service providers are entering this market and offering information on their products and services.
IACD stimulates both the demand for and the supply of IACD-related products and services. This stimulation has been achieved through research and experimentation spirals that result in practical demonstrations of IACD capabilities. In addition, the IACD team has engaged with potential adopters and vendors to make them aware of these capabilities and their market potential. To date, we have observed a growing interest in IACD adoption and a growing number of IACD-relevant products and services. This trend is expected to accelerate.
Community Days are conducted two or three times a year. They bring together an IACD Community of Interest (COI) comprised of potential adopters, commercial firms, research organizations, academic institutions, cyber experts and government agencies. Community Days are an excellent opportunity to learn the latest information, make contacts, and contribute to a growing community of interest. Highlights of past events and ongoing IACD broader advancements are available here.
The IACD Community of Interest (COI) includes adopters, suppliers, cyber security experts, commercial firms, research organizations, academic institutions, and government entities. Currently, the IACD COI has no formal structure, but it involves organizations such as Information Sharing and Analysis Centers (ISACs), which operate on a more formal basis. It is an evolving community that continues to attract a variety of organizations interested in advancing the art-of-the-possible in cyber defense. Come to Community Days and meet the members of the community.
Contact the IACD team for more information and attend a community day to network with other participants. Refer to https://secwww.jhuapl.edu/iacdcommunityday/ to get the latest information.
There are many ways to participate, as adopters, vendors, and influencers:
  • Participate in IACD Community Days
  • Share successes and lessons learned from your own experiences
  • Share your processes and procedures (playbooks) for responding to cyber events
  • Participate in or offer reference implementations available to the IACD community in a limited or public forum
  • Assist in developing relevant specifications
  • Demonstrate IACD solutions
  • As a vendor or solution provider, participate in spiral efforts to demonstrate the art-of-the-possible
  • Highlight how your organization measures or recognizes the value of security automation
  • Inform the IACD Community of Interest of customer- and industry-relevant objectives, challenges, user scenarios, successes, and gaps
  • Connect with our team!
The Department of Homeland Security’s (DHS) free Automated Indicator Sharing (AIS) capability enables the exchange of cyber threat indicators between the Federal Government and the private sector at machine speed. It uses the STIX and TAXII format and transport standards to ensure compatibility with the rapidly expanding set of STIX-compatible cybersecurity applications and initiatives. Additional information is available here.
AIS is one of many sources of threat information that IACD can employ. An IACD-enabled enterprise can consume and act upon AIS indicators and defensive measures. In return, IACD can provide indicators and defensive measures to AIS.
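The following added example (not IACD or AIS code) sketches the playbook-as-workflow idea described earlier, run over shared indicators: sensing, sense-making, decision-making, and action, with a human approver "on the loop" only where a business rule requires it. It assumes STIX 2.1 JSON trimmed to the fields used; the bundle, host names, asset tiers, and the confidence threshold of 80 are constructed for illustration.

```python
import json
import re

# Constructed STIX 2.1 bundle standing in for shared indicators (not real threat data).
BUNDLE = json.loads("""
{"type": "bundle", "id": "bundle--00000000-0000-4000-8000-000000000001", "objects": [
  {"type": "indicator", "id": "indicator--00000000-0000-4000-8000-00000000000a",
   "pattern_type": "stix", "pattern": "[ipv4-addr:value = '203.0.113.7']", "confidence": 90},
  {"type": "indicator", "id": "indicator--00000000-0000-4000-8000-00000000000b",
   "pattern_type": "stix", "pattern": "[ipv4-addr:value = '198.51.100.20']", "confidence": 90},
  {"type": "indicator", "id": "indicator--00000000-0000-4000-8000-00000000000c",
   "pattern_type": "stix", "pattern": "[ipv4-addr:value = '192.0.2.55']", "confidence": 40}]}
""")
# Constructed local telemetry: remote address -> internal host that contacted it.
SIGHTINGS = {"203.0.113.7": "hr-laptop-12", "198.51.100.20": "payroll-db-01",
             "192.0.2.55": "kiosk-03"}
CRITICAL_HOSTS = {"payroll-db-01"}  # assumption: the organization's own asset tiering
IPV4_PATTERN = re.compile(r"^\[ipv4-addr:value = '(\d{1,3}(?:\.\d{1,3}){3})'\]$")

def sense(bundle):
    """Sensing: pull simple IPv4 indicators out of the bundle, skip anything else."""
    for obj in bundle.get("objects", []):
        m = IPV4_PATTERN.match(obj.get("pattern", "")) if obj.get("type") == "indicator" else None
        if m:
            yield {"ip": m.group(1), "confidence": obj.get("confidence", 0)}

def make_sense(event):
    """Sense-making: enrich with local context (was it seen, and on which asset)."""
    host = SIGHTINGS.get(event["ip"])
    return {**event, "host": host, "critical": host in CRITICAL_HOSTS}

def decide(ctx):
    """Decision-making: business rules (assumed thresholds) pick the course of action."""
    if ctx["host"] is None or ctx["confidence"] < 80:
        return "monitor"
    return "needs_approval" if ctx["critical"] else "auto_block"

def act(ctx, decision, approver):
    """Action: automated unless the rule routes it to the human on the loop."""
    if decision == "needs_approval":
        decision = "block" if approver(ctx) else "monitor"
    return {"ip": ctx["ip"], "host": ctx["host"], "action": decision.replace("auto_", "")}

def run_playbook(bundle, approver):
    return [act(c, decide(c), approver) for c in map(make_sense, sense(bundle))]

if __name__ == "__main__":
    for result in run_playbook(BUNDLE, approver=lambda ctx: False):
        print(result)
```

Only the indicator sighted on the critical host reaches the approver; the high-confidence sighting on a non-critical host is blocked automatically, and the low-confidence one is left on monitoring.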